Microsoft Security Response Center
Microsoft Security Response Center (MSRC) is a threat intelligence feed for security vulnerabilities impacting Microsoft products and services. You can use the MSRC connector to pull MSRC CVRF (Common Vulnerability Reporting Framework) monthly updates and CVE (Common Vulnerabilities and Exposures) data into the Brinqa Platform.
This document details the information you must provide for the connector to authenticate with MSRC and how to obtain that information from Microsoft. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Microsoft Security Response Center from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate MSRC with Brinqa:
-
API URL: The MSRC API URL. The default URL is
https://api.msrc.microsoft.com. -
API version: The year of the MSRC API version. The default API version is 2024.
Types of data to retrieve
The MSRC connector can retrieve the following types of data from the MSRC API:
Table 1: Data retrieved from MSRC
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Product | No | Not mapped |
| Security Bulletin | Yes | Security Advisory |
| Security Update | Yes | Vulnerability Definition |
The MSRC connector does not currently support operation options for the types of data it retrieves.
For detailed steps on how to view the data retrieved from MSRC in the Brinqa Platform, see How to view your data.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes.
Security Bulletin
Table 2: Security Bulletin attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ALIAS | Local variable |
| ISSUING_AUTHORITY | Local variable |
| LAST_UPDATED | sourceLastModified |
| RELEASE_DATE | publishedDate |
| RELEASE_NOTES | description |
| SYS_ID | uid |
| TITLE | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).
Security Update
Table 3: Security Update attribute mappings
| Source Field Name | Maps to Attribute |
|---|---|
| ARTICLE | Local variable |
| BULLETIN_ID | Local variable |
| CVE_ID | cveIds, cveRecords |
| CVSS_BASE_SCORE | Use CVSS calculator |
| CVSS_TEMPORAL_SCORE | Use CVSS calculator |
| CVSS_VECTOR | Use CVSS calculator |
| DESCRIPTION | description |
| DOS | Local variable |
| EXPLOITED | exploitability |
| FAQ | Local variable |
| IMPACT | Local variable |
| LAST_REVISED | sourceLastModified |
| LINKS | references |
| LATEST_SOFTWARE_RELEASE | Local variable |
| OLDER_SOFTWARE_RELEASE | Local variable |
| PRODUCT_ID | affected |
| PUBLICLY_DISCLOSED | Local variable |
| PUBLISHED | publishedDate, sourceCreatedDate |
| SEVERITY | severity |
| SUPERSEDES | Local variable |
| SYS_ID | uid |
| TITLE | name |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models (UDM). They only exist on the source data model (SDM).
Use CVSS calculator indicates that the CVSS (Common Vulnerability Scoring System) vectors and scores aren't directly mapped to a specific attribute on the UDM. Instead, a specialized library calculates the CVSS scores from the provided CVSS vector strings.
APIs
The MSRC connector uses the MSRC CVRF API. Specifically, it uses the following endpoints:
Table 4: MSRC API Endpoints
| Connector Object | API Endpoints |
|---|---|
| Product | /cvrf/{updateID} /updates |
| Security Bulletin | /cvrf/{updateID} /updates |
| Security Update | /cvrf/{updateID} /updates |
For additional information about the specific API endpoints, please see the MSRC CVRF API Swagger JSON.
For additional information on Microsoft security updates, please see the Microsoft Security Update Guide.
Changelog
The MSRC connector has undergone the following changes:
Table 5: MSRC connector changelog
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
| Version | Description | Date Published |
|---|---|---|
| 3.4.16 | No change. | June 11th, 2025 |
| 3.4.15 | No change. | May 27th, 2025 |
| 3.4.14 | No change. | May 21st, 2025 |
| 3.4.13 | No change. | May 20th, 2025 |
| 3.4.12 | No change. | April 22nd, 2025 |
| 3.4.11 | No change. | April 7th, 2025 |
| 3.4.10 | No change. | April 1st, 2025 |
| 3.4.9 | No change. | March 26th, 2025 |
| 3.4.8 | No change. | February 12th, 2025 |
| 3.4.7 | No change. | January 28th, 2025 |
| 3.4.5 | No change. | December 19th, 2024 |
| 3.4.4 | No change. | December 6th, 2024 |
| 3.4.3 | No change. | November 28th, 2024 |
| 3.4.2 | No change. | October 7th, 2024 |
| 3.4.1 | No change. | September 27th, 2024 |
| 3.4.0 | No change. | September 17th, 2024 |
| 3.3.10 | No change. | September 4th, 2024 |
| 3.3.9 | No change. | August 27th, 2024 |
| 3.3.8 | No change. | July 24th, 2024 |
| 3.3.7 | No change. | July 24th, 2024 |
| 3.3.6 | No change. | July 8th, 2024 |
| 3.3.5 | No change. | May 20th, 2024 |
| 3.3.4 | No change. | May 20th, 2024 |
| 3.3.3 | No change. | May 20th, 2024 |
| 3.3.2 | No change. | May 9th, 2024 |
| 3.3.1 | No change. | May 3rd, 2024 |
| 3.3.0 | No change. | April 30th, 2024 |
| 3.2.2 | No change. | April 26th, 2024 |
| 3.2.1 | No change. | April 19th, 2024 |
| 3.2.0 | No change. | April 4th, 2024 |
| 3.1.18 | Initial Integration+ release. | April 4th, 2024 |